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Federal Law Enforcement Training Centers 

FOIA Office 

#187B 

Building 681 

Glynco, GA 31524 

October 26, 2018 

Dear Federal Law Enforcement Training Centers: 

This letter is a formal Freedom of Information Act request for the following records. 

A. Email metadata 

1. For every: 

a. email sent to or from any 

i. Internet domain name owned or operated by or for Federal Law Enforcement Training 
Centers, or 

ii. intranet domain name owned or operated by or for Federal Law Enforcement Training 
Centers; 

b. including all subdomains thereof; 

c. stored on any Government-accessible server, in electronic format, 

1. at the time this request was made, or 

ii. at the time the search on this request was made; 

2. please provide: 

a. the full email header section; but 

b. no part of the body section. 

3. The records responsive to this request should, generally speaking, be stored on the server(s) 
specified in the MX and/or SPF record(s) of the domain name. 

4. The records should be provided 

a. in a standard, open, machine-processable, bulk, database format, such as MySQL dump or 
properly structured CSV, 

b. in ASCII, UTF-8 or UTF-16 encoding, 

c. via electronic transfer, as described below. 

# Clarifying and technical elaboration 


General: 




This request is intended to consist entirely of email metadata (i.e. the header section), not 
email contents proper (i.e. the body section), and therefore to raise only minimal (if any) 
withholding issues under 5 USC 552(b)(5), (b)(6), or (b)(7). 

It is intended to not require any per-record or per-address review. It may require bulk fdtering, 
which I am open to negotiating, as discussed below. 

Even so, this request likely encompasses millions or billions of records, and on the order of 
gigabytes or terabytes of data. It is intended for computer processing, using standard "big 
data" tools and environments. It should be processed directly at the level of email servers, not 
individual clients. 

Element 1: 

"To" includes CC and BCC. 

"Internet domain name" means any domain that IS resolved by Google's public DNS server 
(IP address 8.8.8.8), e.g. *.com, *.gov, *.org, *.net, *.us, & *.mil. 

"Intranet domain name" means any domain that is NOT resolved by Google's public DNS 
server (IP address 8.8.8.8), e.g. *.dcn. These are typically routed via intranet, VPN, or similar 
methods. 

Domain names that are jointly owned or operated by Federal Law Enforcement Training 
Centers and any other entity are to be included unless otherwise agreed to. 

The term "or" means logical "or", not discretionary "or". I.e. you must include each variation 
described, not pick which one(s) you prefer. 

Please note that A.2.a requires that you immediately act to preserve responsive data from 
routine deletion. 

If any part of this element this is an issue for you, please describe 

a. the categories of domain names of concern, 

b. representative examples of each category, 

c. the reasoning for your concern (e.g. why you would find it difficult to enumerate all domain 
names encompassed), and 

d. a proposal for narrowing that would address your concern. 

Element 2: 

The "header section" of an email is defined (most recently) in RFC 5322, § 2. See 
<https://tools.ietf.Org/html/rfc5322#section-2>. 

The "body section" includes any MIME body part header within a multipart construct, but not 
MIME header fields that occur within the header section. See RFC 2045 § 3, 
<https://tools.ietf.Org/html/rfc2045#section-3>. The latter should be provided (per A.2.a), the 
former not (A.2.b). 

If any part of this element is an issue for you, please describe 
a. the header fields of concern, 



b. categories of concerns for each header field, 

c. representative examples of each category, 

d. the reasoning for your concern, and 

e. a proposal for bulk filtering that would address your concern without substantially redacting 
non-withholdable information. 

"Bulk filtering" means a regular expression substitution, in standard egrep/sed/awk fonnat, 
which can be done on the entire set of data (e.g. in MySQL) without requiring any per-item 
human review. (Human review may be needed to spot check samples, to ensure that it is coded 
correctly — but not to review each resulting record.) 

Element 3: 

This request should be processed on the actual servers that store the email, using server- / 
email- administrator level tools. 

This request should NOT be processed using an ordinary email client such as Microsoft 
Outlook, which is not capable of bulk email header processing for all email on an entire 
domain name. 

For instance, according to public DNS records, emails to @dhs.gov or @hq.dhs.gov are 
processed by, and likely stored on, the following servers respectively: 

$ dig mx dhs.gov +short 
10 dhs-gov.mail.protection.outlook.com. 

$ dig mx hq.dhs.gov +short 
10 rlymd-mail-a-03 .verizonbusiness.com. 

10 rlymd-mail-a-01 .verizonbusiness.com. 

10 rlymd-mail-a-04.verizonbusiness.com. 

10 sacca-mail-a-01 .verizonbusiness.com. 

10 sacca-mail-a-02.verizonbusiness.com. 

10 sacca-mail-a-04.verizonbusiness.com. 

10 rlymd-mail-a-02.verizonbusiness.com. 

10 sacca-mail-a-03.verizonbusiness.com. 

Likewise, emails from @dhs.gov or @hq.dhs.gov addresses are processed by, and likely 
stored on, the following servers respectively: 

a) @dhs.gov 

$ dig txt dhs.gov +short | grep spf 

"v=spfl ip4:216.128.251.155 ip4:128.129.88.18 ip4:216.81.91.184 ip4:216.81.85.157 
include:spf.protection.outlook.com -all" 

(Note that the directly referenced IPs are owned by CGI group; the indirect [outlook.com] IPs 
are owned by Microsoft.) 

$ dig txt spf.protection.outlook.com +short | grep spf 

"v=spfl ip4:207.46.100.0/24 ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.56.110.0/23 
ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:52.100.0.0/14 
include:spfa.protection.outlook.com -all" 



$ dig txt spfa.protection.outlook.com +short | grep spf 

"v = spfl ip4:157.56.112.0/24 ip4:207.46.51.64/26 ip4:64.4.22.64/26 ip4:40.92.0.0/14 
ip4:40.107.0.0/17 i p 4:40.107.128.0/17 ip4:134.170.140.0/24 
include:spfb.protection.outlook.com ip6:2001:489a:2202::/48 -all" 

$ dig txt spfb.protection.outlook.com +short | grep spf 

"v=spfl ip6:2a01:111 :f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23 ip4:65.55.88.0/24 
ip4:104.47.0.0/17 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.191.0/24 
ip4:216.32.180.0/23 ip4:94.245.120.64/26 -all" 

b) @hq.dhs.gov 

$ dig txt hq.dhs.gov +short | grep spf 

"v=spfl ip4:216.81.91.184 ip4:216.81.85.157 ip4:216.128.251.155 ip4:128.129.88.18 
ip4:208.73.191.37 ip4:208.73.184.44 mx -all" 

(Note that this SPF record includes IPs owned by both DHS and CGI Group.) 

For domain names without SPF records, please consider the emails that are processed by, and 
likely stored on, whatever outgoing email servers (e.g. SMTP) that are normally used by the 
agency. 

Please note that MX and SPF records may have changed over time. Their current settings may 
not encompass all responsive email, especially if e.g. some email was not moved over during a 
change of service providers. 

If some records are stored in a difficult to access location, such as undifferentiated full disk 
("tape") backups, please explain the details so that we can negotiate a narrowing of this 
request to those records which are readily accessible. 

You need not consider "forged" emails, which purport to be from a domain name but are sent 
from a server not authorized to do so. 

Element 4: 

If the upload methods provided below are not sufficient, I can provide the resources for 
transfer and storage using any robust, standard method (e.g. rsync). If your back-end storage is 
in Google Cloud Storage, Amazon S3, or similar service, or on machine(s) capable of SSH or 
SCP, I can provide for suitable direct back-end transfer. I can work with both pull (I access 
your server) and push (you send to my server) methods. 

Please let me know your storage provider and fonnats, so that we can negotiate a direct server- 
to-server or provider-side transfer method that is cheap and lossless. 

### 

All content after this line is part of my standard template. 

### 

# Prioritization 


Please prioritize, in order: 



1. the items & subitems above, in the order listed 

2. within each item or subitem, most recent records first. 

# Additional requests 
I also request: 

B. all records relating to the fulfillment of this request, such as FOIA logs, documentation of 
searches, referral emails, etc. 

This part of the request is to be processed only after you have completed processing all of the 
above parts. This part does not request that you create any new record; rather, it requests the 
records that you will have created in processing the above parts, and will therefore exist before 
you conduct the search for this part. See McGehee v. CIA, 697 F. 2d 1095, 1100-05 (D.C. Cir. 
1983) (agency must use time-of-search cut-off date, not time-of-request). 

C. all records relating to any complaint(s), FOIA request(s)/appeal(s), and/or Privacy Act 
request(s)/appeal(s) made by me. This includes, but is not limited to: 

1. all records relating to the processing my previous requests, complaints, etc; 

2. all records containing the terms my name, email address(es), and other contact or 
identifying information, listed below my signature; and 

3. all records containing any of my complaint, request or appeal identifiers. 

Parts (B) and (C) must be processed only after you have processed the items above that line, 
i.e. such that at the time of the search, the records described will have already been created at 
the time you conduct the search. Part (C) must be processed after part (B) is completed. 

Parts (B) and (C) may overlap with similar prior requests. However, the cut-off date is, at 
earliest, the date that you complete search on all of the above items. If you wish to 
administratively merge this request with a prior similar request, I consent on condition that 
you extend the cut-off date for the prior request, and provide rolling updates. Otherwise, you 
must treat this as a new request. 

For all responsive records, I also request: 

D. 

1. all parts of the record (i.e. no portion of a record with some responsive portion may be 
considered "non-responsive"); 

2. all versions of the record, whether or not currently in use; 

3. all record metadata, such as dates on which they were drafted, passed, went into effect, 
withdrawn, or similar events; person(s) / office(s) responsible; authors; IDs; revision numbers; 
etc.; 

4. a detailed index of all claims of exemption/privilege, regardless of whether the record is 
claimed to be exempt in whole or in part; 

access to inspect the record directly, in its native electronic format; and 

5. if any classification applies, mandatory declassification review (MDR) under E.O. 13526, 
and the result of the MDR, including any declassified records. 

Items in part (D) should be prioritized at the same level as the record they apply to. 

# Timing 



For all requests above, the "cut-off date" is, at the earliest, the date that you conduct the 
search. 

The priority order listed above is only for items that may take extra time to respond to, and 
must not be taken as blocking response to an otherwise lower priority item that could be 
released more quickly than a higher priority item that is pending time-intensive search or 
review. 

# FOIA IA notice 

Please note that this request is made after the enactment of Public Law No. 114-185, S. 337 
(114th), the FOIA Improvement Act of 2016 (FOIA IA). The revised statute, as specified in 
the FOIA I A, applies to this request. FOIA IA § 6. 

In particular, please note that: 

1. you must provide electronic format documents, §§ 552(a)(2) (undesignated preceding text), 
552(a)(2)(E) (undesignated following text), 552(a)(3)(B), and 552(a)(3)(C); 

2. you may not specify an appeal duration less than 90 days, § 552(a)(6)(C)(A)(i)(III)(aa); 

3. you may not withhold any record unless "the agency reasonably foresees that disclosure 
would harm an interest protected by an exemption described in subsection (b), or disclosure is 
prohibited by law", § 552(a)(8)(A)(i); 

4. you must segregate and partially release records where possible, §§ 552(a)(8)(A)(ii) and 
552(b) (undesignated matter following (b)(9)); and 

5. you may not claim deliberative process exemption for records more than 25 years old, § 
552(b)(5). 

# "Record" defined 

For the purposes of this request, except as otherwise specified, "record" means any agreement, 
appendix, application, assessment, attachment, checklist, circular, contract, correspondence 
(including but not limited to email), data management plan, documentation of search 
parameters, email, email attachment, fonn, guide, handbook, index of records, information 
consent agreement, information sharing agreement, instruction, interpretation, kit, 
management instruction, manual, memorandum, memorandum of understanding, notice, 
notification, opinion, order, plan, policy, policy statement, processing note, publication, 
recording, referral, report, request certification form, request detail report, response, rule, 
script, standard operating procedure, submission, talking point, training document, video, or 
related record described, regardless of publication status. 

# Anti-duplication exclusion 

This request specifically excludes providing me with new copies of any records which have 
been already provided to me or published online for free (e.g. on the agency's online "reading 
room"), in full or identically to the form that would be provided to me under this request (i.e. 
with exactly the same format, redactions, and claimed exemptions). 

This is only an exclusion on providing records under this request that are identical to those 
already provided to me or available online, and only if I am or have already been provided a 
link to the online version (if "available online"). 


This exclusion is only intended to limit unnecessary duplication or provision, not to limit what 



records are responsive to this request, nor to permit failure to disclose the location of a 
responsive record available online. If this exclusion would in any way increase the cost or 
duration to respond to this request, it is to be ignored to the extent it does so. 

This request is to be treated as separate from all others that I have filed. 

# Forwarding; multi-agency / multi-component records 

Please forward this request to the FOIA office of every agency component and subcomponent 
that may have responsive records for independent processing, with a copy to me. 

This request includes any records held jointly by your agency in conjunction with any other 
agency and/or department, in interagency and/or interdepartmental systems of records, or by 
other agencies or third parties (including contractors) acting pursuant any agreement with your 
agency. 

# Minimal redaction 

Please note that the FOIA requires you to service the maximum extent of my request that can 
be done via e.g. partial redaction of exempt material. If you believe some portions of a record 
to be exempt because it contains Sensitive Security Infonnation (SSI, 49 CFR 15 & 1520) or 
classified information (18 USC 798), please provide a version of the record redacted to the 
minimum extent necessary to remove exempt information (e.g. per 49 CFR 1520.15), along 
with adequate infonnation to describe the reason for each specific exemption. 

# Estimates and rolling updates 

In order to help tailor my request, please provide an upfront estimate of the time and cost it 
will take to complete this request, broken down any significant factors that would affect cost 
to service, number of records in each category, and your estimate of how many records in the 
category are likely to be exempt. 

Please provide me with incremental updates, with updated estimates for fulfillment of the 
remainder, rather than having the entirety of the request be blocked until fully completed. 

# No new records; electronic & original fonnat 
This request does not ask you to create new records. 

If you determine that a response would require creating a new record that you do not want to 
create, please first contact me by email with an explanation of what records you have that 
would most closely match the infonnation requested and might be acceptable substitutes, so 
that we can reasonably tailor the request. 

In particular, I specifically request that you do not create new documents in response to this 
request that are modifications of a digital record, such as page-view images, print views, 
scans, or the like. No such creation or substitution is authorized by FOIA or the Privacy Act. 

However, if the same or similar records are held in both electronic and paper formats, this 
request includes both the paper and electronic versions. The paper version and the digital 
version are distinct records, and each may contain distinct information such as handwritten or 
other markings on the paper copy and embedded metadata in the electronic version. 



I specifically request both the original, electronic format record, and (if it contains any 
additional markings) the paper record. 

To the extent that the native electronic format is proprietary or otherwise not in format 
accessible by widely available, open source software, I also request 

1. an export of the proprietary fonnat into a standard, open format, as described below, and 

2. all proprietary software necessary to use and understand the original, proprietary fonnat 
records. 

# Rehab Act § 508 compliance 

Please note that I am partially blind, use screen readers (such as VoiceOver and TalkBack), 
and need to process documents using computer code (which requires machine-readable data). 

In accordance with 5 USC 552(a)(3)(B & C) (E-FOIA), Rehabilitation Act § 508, and FOIA 
IA, I demand that you respond using original, native fonnat, electronic, machine-processable, 
accessible, open, and well structured records to the maximum extent possible — for both the 
content of your response, and any communications about the request (such as response letters). 

This means, e.g.: 

1. native, original format records rather than PDFs or other conversions (see note above re 
providing both native electronic records and scans of paper records, if both exist); 

2. individual files per distinct source record (e.g. one .msg file per email), named clearly using 
the record's identifier, title, and date, rather than a single file containing multiple concatenated 
records; 

3. records compliant with the Rehabilitation Act § 508, 36 CFR 1194.22, USAB ATBCB- 
2015-0002, and ISO 14289-1; 

4. fully digital text records rather than scans, rasterizations, or OCR; 

5. complete electronic records, as held on any computer (including phones, servers, backup 
servers, mail servers, workstations, etc.), including all headers and attachments, fully 
expanded e-mail addresses, full addresses for address "aliases", full lists for "distribution list" 
aliases, all embedded and external metadata, complete bitwise digital copies of the original 
file, all file headers, and all other file content; 

6. blackout rather than whiteout redactions, with every redaction marked with all exemption(s) 
claimed for that redaction; 

7. digital redactions rather than black marker or rasterization; 

8. lists and structured data as machine-processable spreadsheets (e.g. CSV, SQL, XSL) rather 
than word documents (e.g. DOC, PDF, TXT, RTF) or partial printouts (e.g. PDF), 

9. open format records (e.g. PDF, AVI, MPG) rather than proprietary format records (e.g. 
WordPerfect, Microsoft Advanced Systems Format (ASF)) (note above re providing both 
original, proprietary format records and open format records); 

10. scans rather than paper copies; 

11. digital audio/video files rather than physical tapes; 

12. upload to your Electronic Reading Room (or other publicly accessible server) rather than 
personal transfer (for all items other than the item requesting records related to me or my 
requests); 

13. email or (S)FTP file transfer rather than CD; 

14. email correspondence rather than physical mail; etc. 


# Compression, passwords, and uploading large files 



Multiple files may be sent in a combined, compressed fonn using standard ZIP, TAR, GZIP, 
BZIP2, and/or RAR formats, or sent as separate files, at your discretion. 

Do not use any password on any files, including ZIP files etc., unless a password was present 
in the original, native format (in which case, leave it unaltered, and send me the password). 

If there are any files you prefer not to transfer by email (e.g. if they are >10MB), please 
upload them to me via the link listed below my signature. Doing so is secure, completely free 
to you, and I will be notified of the upload. 

# No physical "duplication"; inspection & direct access 

Please note that this request does not request that you physically "duplicate" records, as I do 
not want you to create any paper or other physical copy for me — I only want electronic 
versions (or scans, for records that are not fully available in electronic form). As such, I expect 
there to be no duplication related costs. 

Furthermore, I specifically request access for inspection of the records, including direct 
electronic access, in native fonnat, to any electronic records. 

# No fees agreed to; non-commercial status; journalistic & public interest waiver 

I am not currently willing to pay for servicing this request. I may be willing to pay if it is 
necessary; please send a detailed explanation of the costs and their statutory justification, and 
service the maximum extent of the request that can be done for free in the meantime. 

This request is a qualified request for journalistic, public interest purposes. As such, I request 
fully waived fees, including both public interest fee waiver and journalistic fee waiver. 

1. Fiat Fiendum, Inc. (FF) is a 501(c)(3) nonprofit organization, organized for charitable, 
educational, scientific, and/or literary purposes. 

This request is a part of FF's bona fide educational and scientific purpose activities, which are 
public interest purposes as a matter of law. 

2. FF's actions in matters such as this request are non-commercial. My personal interest in the 
records is also non-commercial. 

3. Both Fiat Fiendum as an organization, and I as an individual, are representatives of the 
news media and entitled to waiver of all search fees. 

4.1 intend and am able to host and publish all received records online to the general public at 
no charge, as well to publish highlights, analyses, summaries, commentaries, and other 
creative, original journalistic and scientific work about responsive records through multiple 
online publications, as part of Fiat Fiendum's work. 

5. The records requested are of significant public interest, entitled to waiver of all duplication 
fees, since 

a. they are requested for 501(c)(3) public interest purposes; 

b. as above, I both am able and intend to disseminate the files widely; 

c. they would contribute greatly to the public understanding of the operations & activities of 
your agency, in that they are records that directly describe agency operations & activities, as 



well as the issues and matters described at the top of this letter; 

d. they are not currently readily available; and 

e. they are likely to be requested by others. 

6. As mentioned above, I am explicitly not asking for any physical duplication, but rather 
direct server-to-server file transfer or email (or posting on your website). FOIA authorizes 
"duplication" fees strictly limited to your agency's actual costs, and mandates that your agency 
use the cheapest available requested methods. I consider the actual costs for server-to-server 
file transfer to be reasonably estimated by, e.g., Amazon S3's pricing 
(https://aws.amazon.com/s3/pricing/). 

7.1 request that, pending fee waiver detennination or appeal, you proceed with this request as 
if it were in the "other non-commercial requester" category. 

# Requester 

This request is made on behalf of both myself, Sai (in personal capacity) and Fiat Fiendum, 

Inc. (in official capacity). 

Please note that “Sai” is my full legal name. 

# Request tracking numbers and estimated completion date 

Upon receipt, and in every followup response, please state your tracking number(s) for this 
request, as well as your specific estimated completion date. 5 USC 552(a)(7). 

# Communication about this request and method for responding 

If you have any questions or updates about this request, please contact me by email, using only 
the MuckRock email address from which this request was sent. Please do not send responses 
to my personal or organizational email addresses unless I specifically request you to do so. 

Please ensure that all of your responses comply with § 508 of the Rehabilitation Act, 36 CFR 
1194.22, and UESB NPRM ATBCB-2015-0002. 

In particular, please make all correspondence pursuant to this request — including notification 
and responsive records — by email, with native electronic fonnat records, as specified in the 
request. I do not authorize you to send anything to me by physical mail unless I specifically 
state otherwise. 

Do not respond using ZixCorp "Secure Mail" or any other method that "expires" records from 
being available. Use only actual email and direct attachments, or upload using the link below, 
unless I explicitly request otherwise. 

# "Reasonable description" and tailoring 

Please note that a request need only be "reasonably described" in the sense that you understand 
what is requested and where you can find it. A request is not improper merely because of the 
amount of responsive records. I will not agree to a limitation premised on this request asking 
for voluminous records. However, I may agree to a limitation premised on the difficulty of 
finding particular records or categories thereof, the quality of records available, paper vs 
electronic fonnat, or similar issues. 



If you believe that any of the requested items are not reasonably described, that they would be 
overly burdensome to fulfill, or that you need any further infonnation, please be specific about 
what you consider vague. 

Please include in any response about "reasonably described", or any request for narrowing, 
specific questions I can answer that would clarify matters for you; specific descriptions of 
what parts of the request more or less burdensome (and why) that could serve as the basis for 
negotiating a narrower request; and any indexes, finding guides, record categories, record 
storage practices, likely places that responsive records may be located, or similar information 
that would allow me to understand your concerns and better tailor the request. 

Sincerely, 

Sai 

President, Fiat Fiendum, Inc. 

Fiat Fiendum is a 501(c)(3) tax-exempt corporation devoted to public interest journalism, 
government transparency and accountability, individuals' civil rights, and related issues. 

Upload link and physical mail address are below. (Again, do not physically mail responsive 
records without my explicit request; send all responses electronically.) 

Filed via MuckRock.com 

E-mail (Preferred): 62785-22887907@requests.muckrock.com 

Upload documents directly: https://www.muckrock.com/accounts/agency_login/federal-law- 
enforcement-training-centers-7792/dhs-email-metadata-federal-law-enforcement-training- 
centers-62785/?uuid-login=f7a80a09-edcd-41 a 1 -ba91 -dda9673b 1 ddO&email=fletc- 
foia%40dhs.gov#agency-reply 

Is this email coming to the wrong contact? Something else wrong? Use the above link to let us 
know. 

For mailed responses, please address (see note): 

MuckRock News 
DEPT MR 62785 
411A Highland Ave 
Somerville, MA 02144-2516 

PLEASE NOTE: This request is not filed by a MuckRock staff member, but is being sent 
through MuckRock by the above in order to better track, share, and manage public records 
requests. Also note that improperly addressed (i.e., with the requester's name rather than 
"MuckRock News" and the department number) requests might be returned as undeliverable. 



